[Samba] nested groups not working with sudo and winbind

Gerald (Jerry) Carter jerry at samba.org
Thu Apr 24 13:02:02 GMT 2008

Hash: SHA1

Glenn Bailey wrote:
|>> I'm having an issue with sudo not recognizing nested groups via AD and
|>> winbind. I have an AD group called UnixAdmins and when I ad and AD
|>> account *directly* into this group, I am able to use sudo just fine as
|>> it is in the sudoers. *but* say I have a nested group in UnixAdmins
|>> like CustomerUsers or whatnot it won't recognize. Now, I also restrict
|>> access via pam.d systems-auth to UnixAdmins, so I know that part it
|>> working. Also, when I run and "id" it shows the proper groups. It's
|>> just seems sudo won't recognize the nested groups :-(
|>> Anyone run into this issue before? It's gonna be an admin nightmare
|>> just to populate UnixAdmins with individual accounts ..
|> This was fixed in the upcoming 3.2 release.  See the "winbind expand
groups" option.
| is there anyway to patch 3.0.28a to allow for this? or
| any kind of workaround?

Not officially.  Are you running a file server?  Or just using
Winbind to authenticate logons?  I originally did the work
in Likewise's Winbind tree and pushed it upstream.  So
it has been shipping in Likewise Open [1] for a while.

[1] http://www.likewisesoftware.com/community/

cheers, jerry
- --
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list